Security Compliance Analyst III (MUST have NIST) - Remote

IT & Digital

LHH

$70.00 - $90.00 per Hour

Kirkland, Washington

Contractor

Our client, based in Seattle, WA, is looking to hire a Security and Compliance Analyst who has a STRONG background with NIST to join our team for a 1 year+ project. The role will be 100% remote.

To be considered, the ideal candidate will have at least 5 years of experience in Data Center Operations, IT Asset Disposition, Data Security, or Hardware Lifecycle Management, and proven experience with NIST.

  • Candidates MUST reside in the continental United States to be considered.

About the Team

The IDC Security & Compliance organization (approximately 110 employees) is responsible for protecting one of the world’s largest infrastructure environments. The team spans threat detection, data center design security, compliance administration, leased data center security, and Data Bearing Device (DBD) governance.

This role specifically supports the DBD Governance function, receiving day‑to‑day direction from the governance lead. The team is actively modernizing processes and tooling, including the transition from paper‑based workflows to structured, auditable systems of record.


Role Summary

We are seeking a Data Bearing Device (DBD) Security Operations Analyst to support operational governance of physical storage media across its full lifecycle—deployment, movement, sanitization, reuse, and destruction. This role is hands‑on and operational, focused on intake triage, investigation, documentation, and cross‑functional coordination with data center operations, logistics, and engineering teams.

This is not a static compliance role. The analyst will make real, risk‑based decisions that directly impact the security posture of a global infrastructure environment.


Key Responsibilities

DBD Intake & Triage

  • Triage incoming requests involving data bearing devices, including media moves, exception reviews, and sanitization status checks.

  • Determine whether requests follow standard governance pathways or require escalation to the IDC Security team.

Investigation & Analysis

  • Investigate device state using internal systems (e.g., SeRF, StrongBox, IBOS, PWM), including:

    • Provisioning history

    • Chain‑of‑custody records

    • Sanitization status

    • Inventory state

  • Apply established precedents, internal policies, international standards, and industry best practices to decision‑making.

Documentation & Recordkeeping

  • Document investigation findings and decision rationale in a clear, auditable manner.

  • Support the ongoing transition from paper‑based workflows to structured database‑driven tracking.

  • Track open requests through resolution and maintain accurate records.

Cross‑Functional Coordination

  • Partner with data center operations, logistics, and engineering teams to ensure DBD security requirements are met.

  • Support compliance verification for sanitization and destruction processes.

  • Identify recurring request patterns and flag gaps in documentation, tooling, or process design.


Required Qualifications

  • Bachelor’s degree or equivalent experience in information security, data center operations, or a related field.

  • 5+ years of experience in one or more of the following:

    • Data center operations

    • IT Asset Disposition (ITAD)

    • IT asset management

    • Data security or hardware lifecycle management

  • Strong understanding of data bearing device lifecycles, including deployment, sanitization, destruction, and reuse.

  • Experience with asset tracking, inventory management, or chain‑of‑custody systems.

  • Strong investigative and analytical skills, with the ability to research device history across multiple data sources.

  • Clear, concise written communication skills for documenting findings and coordinating with stakeholders.

  • Ability to work independently, manage multiple concurrent requests, and prioritize effectively.

Note: Candidates whose experience is limited to software or application security without exposure to physical infrastructure, hardware lifecycle management, or data center operations are unlikely to be a fit for this role.


Required Technical Experience

  • Deep familiarity with NIST SP 800‑88 Rev. 1 media sanitization methods (Clear, Purge, Destroy) and how to apply them across different drive types and environments.

  • Hands‑on experience designing or operating secure media sanitization processes, including:

    • Verification steps

    • Documented certificates of destruction

  • Experience implementing and enforcing chain‑of‑custody controls from decommission through verified destruction, including tracking handlers, locations, and final disposition.


Preferred / Nice‑to‑Have Experience

  • Familiarity with media sanitization standards such as NIST 800‑88 and IEEE 2883.

  • Experience in hyperscale or enterprise data center environments.

  • Exposure to AI‑enabled tooling or automation used in operational governance.

  • Understanding of compliance frameworks (SOX, SOC 2, ISO, PCI) as they relate to physical media handling and destruction.


Certifications (Optional)

No certifications are required, but the strongest signals include:

  • CHAMP / CITAM (IAITAM) – Hardware asset management

  • CISA (ISACA) – IT audit and controls

  • Blancco Certified Erasure Professional – Directly aligned with NIST 800‑88

Additional helpful certifications:

  • CompTIA Security+ – Foundational security and media sanitization concepts

  • CISSP (Domain 7) – Physical and environmental security, including media handling


Performance Measurement

Success in this role will be measured by:

  • Triage accuracy: Decisions align with established standards and precedents (spot‑checked by the governance lead).

  • Investigation completeness: Consistent use of all relevant systems before making recommendations.

  • Response time: Intake requests triaged within defined SLAs.

  • Escalation judgment: Standard cases handled independently; novel situations escalated appropriately.

  • Documentation quality: Findings and rationale are clear, auditable, and reusable.


Candidate Value Proposition

  • Direct involvement in securing data bearing devices across their full lifecycle at massive scale.

  • Exposure to hyperscale data center security operations few organizations can offer.

  • Opportunity to work with emerging standards (IEEE 2883, NIST 800‑88) applied in real‑world, high‑impact scenarios.

  • Meaningful contribution to sustainability and circularity initiatives tied to hardware reuse and destruction.

  • A growing governance function building new frameworks and tooling—not a checkbox compliance role.



Pay Details: $70.00 to $90.00 per hour

Search managed by: William Staadt

Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.



Equal Opportunity Employer/Veterans/Disabled



Military connected talent encouraged to apply



To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to https://www.lhh.com/us/en/candidate-privacy



The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:


  • The California Fair Chance Act
  • Los Angeles City Fair Chance Ordinance
  • Los Angeles County Fair Chance Ordinance for Employers
  • San Francisco Fair Chance Ordinance


Massachusetts Candidates Only: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.


Ref US_EN_27_842873_3118099
